Top 8 Cyber Threat Maps To Track Cyber Attacks

Cyber threats can be quite elusive and intangible: who are the people behind cyber attacks and where are they targeting their attacks?

With cyber attacks happening around the world and across the cyber connected world, threat intelligence, specifically threat maps, are a powerful way to make threats and attackers concrete.

Threat maps illustrate the millions of cyber threats happening every day. In addition to visualizing the attacks, cyber threat maps also provide a limited amount of context including the source and target countries, attack types, and historical and (near) real-time data about threats.

Cyber Threat Map Limitations

But we’ll be upfront about the faults of threat maps. Many of these maps may claim that they show data in real-time, but in reality, most show a playback of records of previous attacks. Also, threat maps show anonymized data, without any insights into the identity of the attackers or the victims.

Threat actors tend to forge their real locations, meaning that these are often displayed incorrectly on attack maps and their source may be incorrect.

As a result, some cybersecurity professionals question the real value of threat maps.

However, you can use a threat map as an addition to your threat intelligence sources as it provides valuable insight into your organization's threat posture.

How To Use Cyber Threat Maps

Not only are they fun to look at, to be completely human and honest, but threat maps can be valuable to help your security team make connections and predictions on future attacks where your company may fall into the mix. Threat maps provide that visual connection that turns information into intelligence.

There a few different types of threat maps. Some display comprehensive information, some show limited amounts of data to narrow its scope. Some threat maps use a different timeframe when illustrating attacks, near real-time or historical.

Below, we've collected some of the best maps you can use to expand your threat intelligence arsenal.

Note: One of the most popular solutions, Norse's threat map, is currently unavailable, so we've included an alternative instead.

1. Kaspersky

The Kaspersky Cyberthreat Real-Time Map’s default view shows attacks around the globe with options to rotate and zoom on a specific country to see nation-specific threat data.

While it isn't clear how current the real-time the data is used in the threat map, Kaspersky uses multiple data sources – such as on-access scans, on-demand scans, botnet activity detection, and mail anti-virus – for the attacks.

If you head inside the "Statistics" tab, you can get useful insights from historical data sets, such as the top threat types and the most infected countries.

2. Fortinet

Fortinet's threat map solution is very similar to the now-defunct Norse threat map. Along with the visuals, the map shows a log of threat types, their severity, and their target locations.

With a click, you can display country-specific details in the form of a chart. If you are a Fortinet customer, you can have your own customized threat map.

3. Check Point Software

In addition to seeing attack playbacks, you can get access to more information if you click the arrow icon at the bottom of the page. The additional data includes the top targeted countries and industries as well as the most-used malware types and a chart with recent daily attacks.

4. Deteque

Deteque features a threat map displaying near-live botnet threats. While Deteque may show a few promotional tabs on screen, the visuals show the Command & Control botnet server locations as well as the areas with the most intense bot activity.

You can find more stats on the bottom of the page, including the number of active bots in the last 24 hours, as well as the countries and ISPS with the worst botnet infections. Clicking on a red circle (bot activity areas) will also show additional information.

5. FireEye

FireEye's threat map keeps things quite simple; thus, it lacks the details of the other solutions. According to the organization, the map uses "a subset of real attack data" that has been optimized for "better visual presentation."

While you can see the source and the target of new attacks in a log at the top, you can also see the total number of daily attacks and the top industries targeted by threat actors in other tabs.